Control access to your APIs, and you can charge for them. Large companies see API access management at scale as a competitive advantage and a way to lock in customers. Think about Google docs: it only works if both parties have an account at Google.
But the Internet was not achieved by the offering of one domain. If each device and cloud service has proprietary security controls, people will have no way to effectively manage their personal digital infrastructure. Luckily, standards have emerged thanks to a simple but flexible JSON/REST framework called OAuth2, and the “OpenID Connect” and “User Managed Access” profiles of it.
This talk will provide a history of access management and a deep dive into the concepts, patterns, and tools to enable mobile and API developers to put new OAuth2 standards to use today. It will provide specific examples and workflows to bring OAuth2 to life to help organizations understand how they can hook into the API economy.